Monitor with AppInsight for Active Directory
Key aspects of monitoring Microsoft Active Directory involve keeping a close watch on the application and service availability, and ensuring various performance metrics are checked against accepted thresholds.
AppInsight for Active Directory monitors physical and virtual Active Directory environments to identify issues about domain controllers, replication, and more. You can use this AppInsight application to track many key aspects of Active Directory by getting relevant performance data from the server level. You can also drill down into the datastore layer for performance data.
Click here for an overview about AppInsight applications.
You can add AppInsight for Active Directory to domain controllers automatically during Discovery or manually via the Node Details view. After it's assigned to a node, AppInsight for Active Directory is considered an application and reports data to SAM through a set of component monitors included in the AppInsight for Active Directory template, such as:
- Windows Event Log Monitors that scan event logs for server-related events.
- Performance Counter Monitors that collect Windows Performance Counter data.
Here are some ways to use the status and metrics provided by AppInsight for Active Directory:
File replication service: Identify replication failures or network issues that lead to slow replication rates between websites.
Directory services: Watch critical directory services to ensure your email and phone contacts are always synchronized.
Service outages: Monitor domain controllers continuously to prevent service outages. Diagnose performance issues by tracking CPU usage, connected users, failed logins, account lockouts, and more. Discover domain controllers on unmonitored nodes.
Dependencies: Troubleshoot Active Directory dependencies with widgets that show in-depth details about issues impacting performance.
A Microsoft Azure Active Directory API Poller template is also available. To learn more about API pollers, watch API Pollers: When SNMP Won't Cut It.
Note the following details about AppInsight for Active Directory:
If using a component-based SAM license, AppInsight applications consume licenses at flat rates.
Multiple instances of this database-intensive feature can impact performance. Consider limiting usage to a few key domain controllers. You can also adjust Advanced settings on individual nodes to boost performance by polling for LDAP data on a single domain controller in a domain, while continuing to gather replication details for all domain controllers in that domain.
When AppInsight for Active Directory is assigned to a specific node, SAM creates a DCApplication entity for the domain controller. Each DCApplication is grouped by the domain entity to which it belongs. SAM uses .NET Framework to poll data via a secure LDAP protocol for each domain. Gathered data includes the number of controllers, users, computers, replications, and site statistics.
AppInsight for Active Directory uses domain controller IP addresses instead of domain names for polling. LDAP components do not include the $DomainName parameter in configuration fields. This use of IP address enables different applications to get data from all monitored domain controllers in a single domain.
Like the other AppInsight templates, the AppInsight for Active Directory template includes several component monitors with default settings that cannot be modified due to dependencies. Also, you cannot add component monitors to this template.
To start using AppInsight for Active Directory:
- Review the following topics:
- Assign AppInsight to monitored domain controllers running Active Directory Domain Services.
- Configure AppInsight for Active Directory for specific domain controllers. For example, adjust component monitor thresholds, certificate handling, and LDAP ports.
To further refine AppInsight monitoring:
- Customize AppInsight for Active Directory on individual domain controllers to boost performance
- Customize widgets in views.
- Configure alerts for domain controller usage and thresholds.
- Set up monitoring under the context of an account with the "least privileges."
To learn more, review the Domain Controller Health Check and Monitoring use case. You can also watch Deep Dive on using AppInsight templates and The Who, What, and When of Active Directory Monitoring.